Malicious PDF — malware analysis report

Static analysis result for SHA-256 7ae694cbc91e04f3…

MALICIOUS

PDF

Size: 18.9 KB    Created: 2019-11-07 09:22:14 +00:00    Authoring application: mPDF 5.7
MD5: ca60a5c990ba6a9e2103974799457ed2
SHA-1: 5c930dff7bdb7b522733032a0286f1008ca5c8ed
SHA-256: 7ae694cbc91e04f3a3df33273e54489a533f4c4816affea21c10aba8ba4caaf2
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of external link annotations, flagged by the PDF_SEO_LINK_FARM heuristic: a small (18.9 KB), mPDF-generated document whose clickable links point almost exclusively to .pdf paths on a single host, cefasfese.4pu.com. The link targets are dressed up as book titles, but the pattern matches generated SEO/link-farm carrier PDFs used to steer users into malicious or unwanted-software delivery chains rather than the citation pattern of a normal document. The Nyx PDF classifier (ML_NYX_PDF_MALICIOUS) independently scored the file as malicious (0.9920). The verdict rests on document structure alone: this is a static result, so none of the linked URLs was fetched or classified as part of the analysis.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9920

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://cefasfese.4pu.com/2739739730737738/Clay-s-Way-by-Blair-Mastbaum.pdf
    • http://cefasfese.4pu.com/5739731736735738/The-Blair-Witch-Project-Il-mistero-della-strega-di-Blair-Il-dossier-by-D-A-Stern.pdf
    • http://cefasfese.4pu.com/7738735732731735/Blair-s-Chronological-and-Historical-Tables-From-the-Creation-to-the-Present-Time-with-Additions-and-Corrections-from-the-Most-Authentic-Writers-Including-the-Computation-of-St-Paul-as-Connecting-the-Period-from-the-Exode-to-the-Temple-by-John-Blair.pdf
    • http://cefasfese.4pu.com/7738735732737732/Blair-s-Chronological-and-Historical-Tables-from-the-Creation-to-the-Present-Time-With-Additions-and-Corrections-from-the-Most-Authentic-Writers-Including-the-Computation-of-St-Paul-as-Connected-the-Period-from-the-Exode-to-the-Temple-by-John-Blair.pdf
    • http://cefasfese.4pu.com/4735738735731736/Moonwalking-by-D-Blair.pdf
    • http://cefasfese.4pu.com/7739733735733/Freeing-Fading-2-by-E-K-Blair.pdf
    • http://cefasfese.4pu.com/2731730733731732/Closing-in-by-Kerry-Blair.pdf
    • http://cefasfese.4pu.com/1732733736739734/Bad-Chillies-by-Blair-Polly.pdf
    • http://cefasfese.4pu.com/4731735734735738/Author-Anonymous-by-E-K-Blair.pdf
    • http://cefasfese.4pu.com/5732731730738732/Last-Heat-by-Peter-Blair.pdf
    • http://cefasfese.4pu.com/7739737734736734/Atavism-by-Karyn-Blair.pdf
    • http://cefasfese.4pu.com/9739732735736732/Farang-by-Peter-Blair.pdf
    • http://cefasfese.4pu.com/1738733733737730/The-Last-Mile-by-Blair-Richmond.pdf
    • http://cefasfese.4pu.com/1733730730738730/The-Boy-Who-Spoke-Dog-by-Clay-Morgan.pdf
    • http://cefasfese.4pu.com/5734732736736/Broken-by-Daniel-Clay.pdf
    • http://cefasfese.4pu.com/1731731731739739733/I-Surrender-All-by-Clay-Crosse.pdf
    • http://cefasfese.4pu.com/4732738739733735/I-Am-the-Clay-by-Chaim-Potok.pdf
    • http://cefasfese.4pu.com/4735730737732734/Lady-Silence-by-Blair-Bancroft.pdf
    • http://cefasfese.4pu.com/4734739736732730/The-River-Nile-by-Kenny-Blair.pdf
    • http://cefasfese.4pu.com/2730737737733/The-Butterfly-Garden-by-Annette-Blair.pdf
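As an added illustration, and not code from this report or from the scanner that produced it, the following Python re-implements the logic the two heuristics above describe: per-channel URL extraction (link annotations versus URL-shaped strings elsewhere in the file, the EMBEDDED_URL channels) and the PDF_SEO_LINK_FARM test (small file, many clickable links to .pdf targets, concentrated on one host). The minimal PDF builder, the example hosts linkfarm.example, other.example and body.example, the sample URLs and the numeric thresholds (64 KB, 10 links, 80 % host share) are assumptions made for the example, not values taken from the scanner or from the analysed sample.

```python
"""Toy re-implementation of the report's EMBEDDED_URL extraction and PDF_SEO_LINK_FARM
heuristic. Thresholds and sample hosts are assumptions for illustration only."""
import re
from collections import Counter
from urllib.parse import urlsplit

# /URI (literal string) inside a link action. Literal strings may escape ( ) and \ with a backslash.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# Anything URL-shaped anywhere else in the file (content streams, metadata, comments).
RAW_URL_RE = re.compile(rb"https?://[^\s()<>\"']+")


def _unescape_literal(s: bytes) -> bytes:
    """Undo the literal-string escapes that matter for URLs: backslash-escaped ( ) and \\."""
    return re.sub(rb"\\([()\\])", lambda m: m.group(1), s)


def extract_urls(pdf_bytes: bytes) -> list[tuple[str, str]]:
    """Return (channel, url) pairs. Assumes objects are not packed into compressed object
    streams; real tooling inflates /ObjStm and /FlateDecode streams before scanning."""
    found = [("link_annotation", _unescape_literal(m.group(1)).decode("latin-1"))
             for m in URI_RE.finditer(pdf_bytes)]
    seen = {u for _, u in found}
    for m in RAW_URL_RE.finditer(pdf_bytes):
        u = m.group(0).decode("latin-1")
        if u not in seen:                      # a /URI target also matches RAW_URL_RE; label it once
            seen.add(u)
            found.append(("document_body", u))
    return found


def seo_link_farm(pdf_bytes: bytes, max_size=64 * 1024, min_links=10, min_host_share=0.8) -> dict:
    """PDF_SEO_LINK_FARM as the report describes it: small file, many clickable links to .pdf
    targets, mostly on one host. The three thresholds are assumed, not the scanner's values."""
    links = [u for ch, u in extract_urls(pdf_bytes) if ch == "link_annotation"]
    hosts = Counter((urlsplit(u).hostname or "").lower() for u in links)
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_count / len(links) if links else 0.0
    pdf_targets = sum(1 for u in links if urlsplit(u).path.lower().endswith(".pdf"))
    hit = len(pdf_bytes) <= max_size and pdf_targets >= min_links and share >= min_host_share
    return {"size": len(pdf_bytes), "links": len(links), "pdf_links": pdf_targets,
            "top_host": top_host, "top_host_share": round(share, 3), "hit": hit}


def build_pdf(urls, body_text="Hello"):
    """Construct a minimal one-page PDF (constructed test input, not the analysed sample) with
    one /Link annotation per URL and a content stream carrying body_text. URLs and body_text
    must not contain unescaped parentheses for this simple builder."""
    annot_refs = b" ".join(b"%d 0 R" % (5 + i) for i in range(len(urls)))
    stream = b"BT /F1 12 Tf 72 720 Td (" + body_text.encode("latin-1") + b") Tj ET"
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R /Annots ["
        + annot_refs + b"] >>",
        b"<< /Length %d >>\nstream\n" % len(stream) + stream + b"\nendstream",
    ]
    for u in urls:
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect [72 72 300 90] "
                    b"/A << /S /URI /URI (" + u.encode("latin-1") + b") >> >>")
    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for num, body in enumerate(objs, 1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref_pos = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    out += b"".join(b"%010d 00000 n \n" % off for off in offsets)
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objs) + 1, xref_pos)
    return bytes(out)


# Constructed inputs: a link-farm-shaped PDF and a citation-shaped one (example hosts, not real).
FARM_URLS = [f"http://linkfarm.example/{2730 + i}/Title-{i}-by-Some-Author.pdf" for i in range(18)] \
    + ["http://other.example/a.pdf", "http://other.example/b.pdf"]
CITATION_URLS = ["https://doi.example/10.1000/xyz123",
                 "https://publisher.example/paper.pdf",
                 "https://archive.example/report.pdf"]


if __name__ == "__main__":
    farm = build_pdf(FARM_URLS, body_text="Download at http://body.example/landing")
    print(seo_link_farm(farm))                 # hit: True, top_host linkfarm.example, share 0.9
    print(extract_urls(farm)[-1])              # ('document_body', 'http://body.example/landing')
    print(seo_link_farm(build_pdf(CITATION_URLS)))   # hit: False, only 3 links on 3 hosts
```

On a real sample the annotation dictionaries are frequently inside compressed object streams, so run the scan on a decompressed copy (for example `qpdf --qdf --object-streams=disable in.pdf out.pdf`) or use a parser that inflates streams; a regex over the raw bytes, as here, will otherwise miss every link and report a false negative.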